aci_bv_br_all = BER_BVC("[all]"),
aci_bv_access_id = BER_BVC("access-id"),
aci_bv_anonymous = BER_BVC("anonymous"),
+ aci_bv_public = BER_BVC("public"),
aci_bv_users = BER_BVC("users"),
aci_bv_self = BER_BVC("self"),
aci_bv_dnattr = BER_BVC("dnattr"),
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
- if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_anonymous ) == 0 ) {
+ if ( bvmatch( &b->a_dn_pat, &aci_bv_anonymous ) ) {
if ( op->o_ndn.bv_len != 0 ) {
continue;
}
- } else if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_users ) == 0 ) {
+ } else if ( bvmatch( &b->a_dn_pat, &aci_bv_users ) ) {
if ( op->o_ndn.bv_len == 0 ) {
continue;
}
- } else if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_self ) == 0 ) {
+ } else if ( bvmatch( &b->a_dn_pat, &aci_bv_self ) ) {
if ( op->o_ndn.bv_len == 0 ) {
continue;
}
if ( b->a_domain_expand ) {
struct berval bv;
- bv.bv_len = sizeof(buf);
+ bv.bv_len = sizeof(buf) - 1;
bv.bv_val = buf;
string_expand(&bv, &b->a_domain_pat, e->e_ndn, matches);
}
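Review bot: `string_expand()` is still called as a plain statement after the `bv.bv_len = sizeof(buf) - 1;` fix, so nothing tells this code when the expanded domain pattern did not fit in `buf`. Its definition is not visible here, but if it truncates silently, the ACL clause is evaluated against a different pattern than the administrator wrote; it is worth confirming that an oversized expansion makes the clause fail rather than match. At minimum the assignment deserves a comment such as `/* leave room for the terminating NUL written by string_expand */` (to be confirmed against that function). The same question applies to the other `sizeof(...) - 1` sites in this patch: the `a_group_pat` expansion, the `subjdn` expansion and the `newbuf` one. The enclosing function starts and ends outside this hunk.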
if ( b->a_group_pat.bv_len ) {
- char buf[ACL_BUF_SIZE];
struct berval bv;
struct berval ndn = { 0, NULL };
int rc;
continue;
}
- bv.bv_len = sizeof(buf) - 1;
- bv.bv_val = buf;
-
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute group
*/
/* see if asker is listed in dnattr */
if ( b->a_group_style == ACL_STYLE_REGEX ) {
- string_expand(&bv, &b->a_group_pat, e->e_ndn, matches);
- if ( dnNormalize2(NULL, &bv, &ndn) != LDAP_SUCCESS ) {
+ char buf[ACL_BUF_SIZE];
+ bv.bv_len = sizeof(buf) - 1;
+ bv.bv_val = buf;
+
+ string_expand( &bv, &b->a_group_pat, e->e_ndn, matches );
+ if ( dnNormalize2( NULL, &bv, &ndn ) != LDAP_SUCCESS ) {
/* did not expand to a valid dn */
continue;
}
+
bv = ndn;
+
} else {
bv = b->a_group_pat;
}
- rc = backend_group(be, conn, op, e, &bv, &op->o_ndn,
- b->a_group_oc, b->a_group_at);
- if ( ndn.bv_val )
- free( ndn.bv_val );
+ rc = backend_group( be, conn, op, e, &bv, &op->o_ndn,
+ b->a_group_oc, b->a_group_at );
+
+ if ( ndn.bv_val ) free( ndn.bv_val );
+
if ( rc != 0 ) {
continue;
}
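Review bot: Now that `buf` is declared inside the `ACL_STYLE_REGEX` branch, `bv` must not point at it once that branch closes, and the code is correct only because `bv = ndn;` rebinds it first. Nothing in the new lines records that dependency, so a later edit that drops or moves the assignment would hand `backend_group()` a pointer to a dead stack buffer. A comment at the assignment would protect it, e.g. `/* buf ends with this block; bv must refer to ndn from here on */`. The loop body this belongs to starts and ends outside the hunk.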
const char *text;
AttributeDescription *desc = NULL;
if (slap_bv2ad(attr, &desc, &text) == LDAP_SUCCESS) {
- backend_attribute(cp->be, NULL, NULL,
+ backend_attribute(cp->be, NULL, cp->op,
cp->e, &ndn, desc, &bvals);
}
free(ndn.bv_val);
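Review bot: `backend_attribute()` now receives `cp->op` while the connection argument stays `NULL`, and nothing visible guarantees that every backend accepts an operation without a connection, or that `cp->op` is always set by whoever fills in `cp`. If the combination is intended, a comment at the call should say so, along the lines of `/* op is passed for the requester's context; conn is intentionally NULL */` (wording to be confirmed against the backends). The return value is also discarded, so a failed lookup is visible only through `bvals`. The `backend_attribute(be, NULL, op, e, ...)` call in the next hunk has the same shape and deserves the same check. The enclosing function starts outside this hunk.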
if ( dnNormalize2(NULL, &subjdn, &ndn) == LDAP_SUCCESS
&& slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
{
- backend_attribute(be, NULL, NULL, e,
+ backend_attribute(be, NULL, op, e,
&ndn, desc, &bvals);
if ( bvals != NULL ) {
if ( bvals[0].bv_val != NULL ) {
if (grp_oc != NULL && grp_ad != NULL ) {
char buf[ACL_BUF_SIZE];
struct berval bv, ndn;
- bv.bv_len = sizeof( buf );
+ bv.bv_len = sizeof( buf ) - 1;
bv.bv_val = (char *)&buf;
string_expand(&bv, &subjdn, e->e_ndn, matches);
if ( dnNormalize2(NULL, &bv, &ndn) == LDAP_SUCCESS ) {
- rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn, grp_oc, grp_ad) == 0);
+ rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn,
+ grp_oc, grp_ad) == 0);
free( ndn.bv_val );
}
}
See draft-ietf-ldapext-aci-model-04.txt section 9.1 for
a full description of the format for this attribute.
+ Differences: "this" in the draft is "self" here, and
+ "self" and "public" is in the position of dnType.
For now, this routine only supports scope=entry.
*/
if (ber_bvstrcasecmp( &aci_bv_access_id, &bv ) == 0) {
struct berval ndn;
- rc = 1;
+ rc = 0;
if ( dnNormalize2(NULL, &sdn, &ndn) == LDAP_SUCCESS ) {
- if (!dn_match( &op->o_ndn, &ndn))
- rc = 0;
+ if (dn_match( &op->o_ndn, &ndn))
+ rc = 1;
free(ndn.bv_val);
}
return (rc);
+ } else if (ber_bvstrcasecmp( &aci_bv_public, &bv ) == 0) {
+ return(1);
+
} else if (ber_bvstrcasecmp( &aci_bv_self, &bv ) == 0) {
if (dn_match(&op->o_ndn, &e->e_nname))
return(1);
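Review bot: The new `public` branch returns 1 without looking at `op->o_ndn`, so it applies the ACI's rights to every requester, anonymous binds included, and nothing at the branch states that breadth. A comment such as `/* "public": matches any subject, including anonymous (empty o_ndn) */` would make it explicit for anyone auditing ACI evaluation. The `self` branch below it is context rather than new code, but it compares `op->o_ndn` with `e->e_nname` without the `bv_len == 0` guard used by the `a_dn_pat` `self` case earlier in this patch. It may be worth confirming that an empty requester DN cannot match an entry with an empty name. The function continues past the end of this hunk.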
struct berval bv;
int rc;
- bv.bv_len = sizeof(newbuf);
+ bv.bv_len = sizeof(newbuf) - 1;
bv.bv_val = newbuf;
if(str == NULL) str = "";